Wholesale VoIP Featured Article
Don't Leave VoIP Security to Chance
If you’re in the VoIP business, you’re probably enjoying all the growth the industry is experiencing. The problems that come with that rapid growth? Not so much. The challenges can be wide-ranging, but because clients expect all you promised when you signed them, you’d better be ready to act on a moment’s notice.
That’s the gist of the thought behind a recent blog post by VoIP Innovations (News - Alert) Technical Services Rep Justin Cornish, who knows firsthand about such issues. In his post, Cornish relates the tale of an attack on a client where some 100,000 plus calls were falsely placed to high-cost destinations. The attack is known as International Revenue Sharing Fraud (IRSF), and they’re not as uncommon as you’d like to believe.
“One of the most common questions we see in regards to this sort of occurrence is ‘Why me?’ Cornish wrote. “Unfortunately, it isn’t just you. A rough estimate of about $40 billion per year has been reported in reference to VoIP fraud. As networks steadily become larger and more complex, security of these networks becomes exponentially more complex and sadly, insufficient.”
Cornish goes on to point out that while most assume the hacker is just some lay-about with time on his or her hands, the problem goes deeper than that, and spells out how it works.
“The assailant (hacker) strikes a deal with a local carrier in a high cost area such as many international mobile numbers and satellite phones,” Cornish pointed out. “The deal being that if the hacker can successfully increase the traffic to that area (traffic pumping), he or she nets a percentage of the profits. Effectively turning your money, into their money, without breaking a sweat. And, as the calls cross international lines, it becomes all but impossible to track from a legal standpoint, leaving all involved parties to pack up and start scoping the next victim before the previous one is even aware of the issue.”
Chilling indeed, but there are steps you can take to block such thievery.
“As cliché as it may seem, the best approach regarding this sort of VoIP Security occurrences is that of a proactive one,” Cornish said. “Stop the attempt before it starts. With larger networks, it is nearly impossible to protect each and every access point. This is especially difficult for retail providers, wherein clients gain access through a variety of devices. Often the intrusion occurs at the smallest and regularly weakest point.”
There are other steps to take, as Cornish notes in his blog post. But there are always the basic steps worth heeding.
“The basic principles remain, network security and password control,” he wrote. “Ensure that only specifically authorized devices and services can receive or initiate calls. Then control the passwords on those devices as much as possible. Crank up the strength requirements wherever possible and require changes often. As annoying as that may be, when you realize that it may have just saved you a few thousand dollars, it becomes a bit more favorable.”
Edited by Maurice Nagle